On Thu, Sep 02, 2010 at 11:53 +0200, Mike Belopuhov wrote: > On Mon, Aug 30, 2010 at 22:27 +0200, Mike Belopuhov wrote: > > ipsecctl part. > > > > Fixed manual key for gcm and cbc (apparently somebody forgot it). > Note that gcm spec says you should not use manual keys. >
- dropped support for "aes-gcm" and "aes-gmac" aliases; - fixed up a lost flag and style nit spotted by naddy;
Index: ike.c
===================================================================
RCS file: /home/cvs/src/sbin/ipsecctl/ike.c,v
retrieving revision 1.67
diff -u -p -r1.67 ike.c
--- ike.c 4 Oct 2009 11:39:32 -0000 1.67
+++ ike.c 6 Sep 2010 14:30:01 -0000
@@ -161,6 +161,7 @@ static int
 ike_section_p2(struct ipsec_rule *r, FILE *fd)
 {
 char *exchange_type, *sprefix;
+ int needauth = 1;
 switch (r->p2ie) {
 case IKE_QM:
@@ -224,6 +225,30 @@ ike_section_p2(struct ipsec_rule *r, FIL
 case ENCXF_AESCTR:
 fprintf(fd, "AESCTR");
 break;
+ case ENCXF_AES_128_GCM:
+ fprintf(fd, "AESGCM-128");
+ needauth = 0;
+ break;
+ case ENCXF_AES_192_GCM:
+ fprintf(fd, "AESGCM-192");
+ needauth = 0;
+ break;
+ case ENCXF_AES_256_GCM:
+ fprintf(fd, "AESGCM-256");
+ needauth = 0;
+ break;
+ case ENCXF_AES_128_GMAC:
+ fprintf(fd, "AESGMAC-128");
+ needauth = 0;
+ break;
+ case ENCXF_AES_192_GMAC:
+ fprintf(fd, "AESGMAC-192");
+ needauth = 0;
+ break;
+ case ENCXF_AES_256_GMAC:
+ fprintf(fd, "AESGMAC-256");
+ needauth = 0;
+ break;
 case ENCXF_BLOWFISH:
 fprintf(fd, "BLF");
 break;
@@ -232,6 +257,7 @@ ike_section_p2(struct ipsec_rule *r, FIL
 break;
 case ENCXF_NULL:
 fprintf(fd, "NULL");
+ needauth = 0;
 break;
 default:
 warnx("illegal transform %s",
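Review bot: Setting `needauth = 0` for `ENCXF_NULL` removes the implicit SHA2-256 authenticator from a NULL-encryption ESP proposal, so a rule with `enc null` and no `auth` clause now proposes a suite with neither confidentiality nor integrity; the SA path loses the same default through the new `noauth` column (`{ "null", ENCXF_NULL, 0, 0, 1 }` in parse.y's `encxfs[]`, read by validate_sa()). Unlike the GCM and GMAC transforms in the previous hunk, NULL brings no authenticator of its own, and the ipsec.conf.5 text kept as context in this patch still says that NULL with ESP provides authentication. Unless an unauthenticated NULL SA is intended, I would leave `needauth` at 1 here and keep `"null"` at `0` in the table, or else have validate_sa() reject `enc null` without an explicit `auth` and document the new meaning in the man page. ike_section_p2() starts and ends outside this hunk.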
@@ -270,43 +296,44 @@ ike_section_p2(struct ipsec_rule *r, FIL
 warnx("illegal transform %s",
 r->p2xfs->authxf->name);
 return (-1);
 }
- } else
- fprintf(fd, "SHA2-256");
+ fprintf(fd, "-");
+ } else if (needauth)
+ fprintf(fd, "SHA2-256-");
 if (r->p2xfs && r->p2xfs->groupxf) {
 switch (r->p2xfs->groupxf->id) {
 case GROUPXF_NONE:
 break;
 case GROUPXF_768:
- fprintf(fd, "-PFS-GRP1");
+ fprintf(fd, "PFS-GRP1");
 break;
 case GROUPXF_1024:
- fprintf(fd, "-PFS-GRP2");
+ fprintf(fd, "PFS-GRP2");
 break;
 case GROUPXF_1536:
- fprintf(fd, "-PFS-GRP5");
+ fprintf(fd, "PFS-GRP5");
 break;
 case GROUPXF_2048:
- fprintf(fd, "-PFS-GRP14");
+ fprintf(fd, "PFS-GRP14");
 break;
 case GROUPXF_3072:
- fprintf(fd, "-PFS-GRP15");
+ fprintf(fd, "PFS-GRP15");
 break;
 case GROUPXF_4096:
- fprintf(fd, "-PFS-GRP16");
+ fprintf(fd, "PFS-GRP16");
 break;
 case GROUPXF_6144:
- fprintf(fd, "-PFS-GRP17");
+ fprintf(fd, "PFS-GRP17");
 break;
 case GROUPXF_8192:
- fprintf(fd, "-PFS-GRP18");
+ fprintf(fd, "PFS-GRP18");
 break;
 default:
 warnx("illegal group %s", r->p2xfs->groupxf->name);
 return (-1);
 };
 } else
- fprintf(fd, "-PFS");
+ fprintf(fd, "PFS");
 fprintf(fd, "-SUITE force\n");
 return (0);
Index: ipsec.conf.5
===================================================================
RCS file: /home/cvs/src/sbin/ipsecctl/ipsec.conf.5,v
retrieving revision 1.126
diff -u -p -r1.126 ipsec.conf.5
--- ipsec.conf.5 7 Jun 2010 08:32:58 -0000 1.126
+++ ipsec.conf.5 6 Sep 2010 11:41:52 -0000
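Review bot: With the separator moved behind the authenticator (`"-"` after an explicit auth, `"SHA2-256-"` for the default), the `GROUPXF_NONE` arm prints nothing while the closing `fprintf(fd, "-SUITE force\n")` still brings its own leading hyphen, so a rule with `group none` yields a suite name ending in `…SHA2-256--SUITE force` unless that case is rejected before this point, which the hunk does not show. Every other arm now omits the leading hyphen and relies on the piece before it, so the consistent fix is to terminate each piece with a trailing hyphen and drop the one in front of `SUITE`; the rewritten lines follow. ike_section_p2() starts outside this hunk.
```c
		case GROUPXF_NONE:
			break;
		case GROUPXF_768:
			fprintf(fd, "PFS-GRP1-");
			break;
		/* … GROUPXF_1024 through GROUPXF_8192 likewise: "PFS-GRP2-" … "PFS-GRP18-" … */
		/* … unchanged: default arm and closing braces … */
	} else
		fprintf(fd, "PFS-");
	fprintf(fd, "SUITE force\n");
```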
@@ -612,6 +612,12 @@ keyword:
 .It Li aes-192 Ta "192 bits"
 .It Li aes-256 Ta "256 bits"
 .It Li aesctr Ta "160 bits" Ta "[phase 2 only]"
+.It Li aes-128-gcm Ta "160 bits" Ta "[phase 2 only]"
+.It Li aes-192-gcm Ta "224 bits" Ta "[phase 2 only]"
+.It Li aes-256-gcm Ta "288 bits" Ta "[phase 2 only]"
+.It Li aes-128-gmac Ta "160 bits" Ta "[phase 2 only]"
+.It Li aes-192-gmac Ta "224 bits" Ta "[phase 2 only]"
+.It Li aes-256-gmac Ta "288 bits" Ta "[phase 2 only]"
 .It Li blowfish Ta "160 bits"
 .It Li cast Ta "128 bits"
 .It Li skipjack Ta "80 bits"
@@ -630,6 +636,10 @@ This is because the most significant bit
 The keysize of AES-CTR is actually 128-bit.
 However as well as the key, a 32-bit nonce has to be supplied.
 Thus 160 bits of key material have to be supplied.
+The same applies to AES-GCM and AES-GMAC.
+.Pp
+Please note that AES-GMAC performs no encryption and provides no
+confidentiality.
 .Pp
 Using NULL with ESP will only provide authentication.
 This is useful in setups where AH can not be used, e.g. when NAT is involved.
Index: ipsecctl.h
===================================================================
RCS file: /home/cvs/src/sbin/ipsecctl/ipsecctl.h,v
retrieving revision 1.59
diff -u -p -r1.59 ipsecctl.h
--- ipsecctl.h 4 Aug 2009 15:05:50 -0000 1.59
+++ ipsecctl.h 6 Sep 2010 11:42:32 -0000
@@ -63,7 +63,9 @@ enum {
 };
 enum {
 ENCXF_UNKNOWN, ENCXF_NONE, ENCXF_3DES_CBC, ENCXF_DES_CBC, ENCXF_AES,
- ENCXF_AES_128, ENCXF_AES_192, ENCXF_AES_256, ENCXF_AESCTR,
+ ENCXF_AES_128, ENCXF_AES_192, ENCXF_AES_256, ENCXF_AESCTR,
+ ENCXF_AES_128_GCM, ENCXF_AES_192_GCM, ENCXF_AES_256_GCM,
+ ENCXF_AES_128_GMAC, ENCXF_AES_192_GMAC, ENCXF_AES_256_GMAC,
 ENCXF_BLOWFISH, ENCXF_CAST128, ENCXF_NULL, ENCXF_SKIPJACK
 };
 enum {
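Review bot: The six new constants are inserted in the middle of the enum, which renumbers `ENCXF_BLOWFISH`, `ENCXF_CAST128`, `ENCXF_NULL` and `ENCXF_SKIPJACK`; that is only safe because the values are used as indices into `encxfs[]` (`&encxfs[ENCXF_AES]`, `&encxfs[ENCXF_AES_192_GCM]` in the parse.y and pfkdump.c hunks) and the table was reordered in step, yet nothing in the header records that coupling. A comment on the enum, `/* order must match encxfs[] in parse.y: the value is the table index */`, would stop the next addition from going into one place only.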
@@ -140,6 +142,7 @@ struct ipsec_xf {
 u_int16_t id;
 size_t keymin;
 size_t keymax;
+ int noauth;
 };
 struct ipsec_transforms {
Index: parse.y
===================================================================
RCS file: /home/cvs/src/sbin/ipsecctl/parse.y,v
retrieving revision 1.148
diff -u -p -r1.148 parse.y
--- parse.y 3 Aug 2010 18:42:40 -0000 1.148
+++ parse.y 6 Sep 2010 14:35:02 -0000
@@ -98,20 +98,26 @@ const struct ipsec_xf authxfs[] = {
 };
 const struct ipsec_xf encxfs[] = {
- { "unknown", ENCXF_UNKNOWN, 0, 0 },
- { "none", ENCXF_NONE, 0, 0 },
- { "3des-cbc", ENCXF_3DES_CBC, 24, 24 },
- { "des-cbc", ENCXF_DES_CBC, 8, 8 },
- { "aes", ENCXF_AES, 16, 32 },
- { "aes-128", ENCXF_AES_128, 16, 16 },
- { "aes-192", ENCXF_AES_192, 24, 24 },
- { "aes-256", ENCXF_AES_256, 32, 32 },
- { "aesctr", ENCXF_AESCTR, 16+4, 32+4 },
- { "blowfish", ENCXF_BLOWFISH, 5, 56 },
- { "cast128", ENCXF_CAST128, 5, 16 },
- { "null", ENCXF_NULL, 0, 0 },
- { "skipjack", ENCXF_SKIPJACK, 10, 10 },
- { NULL, 0, 0, 0 },
+ { "unknown", ENCXF_UNKNOWN, 0, 0, 0 },
+ { "none", ENCXF_NONE, 0, 0, 0 },
+ { "3des-cbc", ENCXF_3DES_CBC, 24, 24, 0 },
+ { "des-cbc", ENCXF_DES_CBC, 8, 8, 0 },
+ { "aes", ENCXF_AES, 16, 32, 0 },
+ { "aes-128", ENCXF_AES_128, 16, 16, 0 },
+ { "aes-192", ENCXF_AES_192, 24, 24, 0 },
+ { "aes-256", ENCXF_AES_256, 32, 32, 0 },
+ { "aesctr", ENCXF_AESCTR, 16+4, 32+4, 0 },
+ { "aes-128-gcm", ENCXF_AES_128_GCM, 16+4, 16+4, 1 },
+ { "aes-192-gcm", ENCXF_AES_192_GCM, 24+4, 24+4, 1 },
+ { "aes-256-gcm", ENCXF_AES_256_GCM, 32+4, 32+4, 1 },
+ { "aes-128-gmac", ENCXF_AES_128_GMAC, 16+4, 16+4, 1 },
+ { "aes-192-gmac", ENCXF_AES_192_GMAC, 24+4, 24+4, 1 },
+ { "aes-256-gmac", ENCXF_AES_256_GMAC, 32+4, 32+4, 1 },
+ { "blowfish", ENCXF_BLOWFISH, 5, 56, 0 },
+ { "cast128", ENCXF_CAST128, 5, 16, 0 },
+ { "null", ENCXF_NULL, 0, 0, 1 },
+ { "skipjack", ENCXF_SKIPJACK, 10, 10, 0 },
+ { NULL, 0, 0, 0, 0 },
 };
 const struct ipsec_xf compxfs[] = {
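Review bot: The new `noauth` member is left undocumented, and its meaning is not recoverable from the name alone: the validate_sa() hunk in parse.y and the ike_section_p2() hunks in ike.c use it to suppress the default hmac-sha2-256 authenticator, and `encxfs[]` now carries it as an unlabelled fifth column. A comment on the field, `int noauth; /* nonzero: do not add the default hmac-sha2-256 authenticator */`, and a short column legend above `encxfs[]` (name, id, keymin, keymax, noauth) would make both readable. struct ipsec_xf begins outside the first hunk on this line.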
@@ -2209,7 +2215,7 @@ validate_sa(u_int32_t spi, u_int8_t saty
 yyerror("esp does not provide compression");
 return (0);
 }
- if (!xfs->authxf)
+ if (!xfs->authxf && (xfs->encxf && !xfs->encxf->noauth))
 xfs->authxf = &authxfs[AUTHXF_HMAC_SHA2_256];
 if (!xfs->encxf)
 xfs->encxf = &encxfs[ENCXF_AES];
Index: pfkdump.c
===================================================================
RCS file: /home/cvs/src/sbin/ipsecctl/pfkdump.c,v
retrieving revision 1.27
diff -u -p -r1.27 pfkdump.c
--- pfkdump.c 1 Jul 2010 02:11:35 -0000 1.27
+++ pfkdump.c 1 Sep 2010 16:20:32 -0000
@@ -153,6 +153,9 @@ struct idname auth_types[] = {
 { SADB_X_AALG_SHA2_256, "hmac-sha2-256", NULL },
 { SADB_X_AALG_SHA2_384, "hmac-sha2-384", NULL },
 { SADB_X_AALG_SHA2_512, "hmac-sha2-512", NULL },
+ { SADB_X_AALG_AES128GMAC, "gmac-aes-128", NULL },
+ { SADB_X_AALG_AES192GMAC, "gmac-aes-192", NULL },
+ { SADB_X_AALG_AES256GMAC, "gmac-aes-256", NULL },
 { SADB_X_AALG_MD5, "md5", NULL },
 { SADB_X_AALG_SHA1, "sha1", NULL },
 { 0, NULL, NULL }
@@ -171,6 +174,8 @@ struct idname enc_types[] = {
 { SADB_X_EALG_3IDEA, "idea3", NULL },
 { SADB_X_EALG_AES, "aes", NULL },
 { SADB_X_EALG_AESCTR, "aesctr", NULL },
+ { SADB_X_EALG_AESGCM16, "aes-gcm", NULL },
+ { SADB_X_EALG_AESGMAC, "aes-gmac", NULL },
 { SADB_X_EALG_BLF, "blowfish", NULL },
 { SADB_X_EALG_CAST, "cast128", NULL },
 { SADB_X_EALG_DES_IV32, "des-iv32", NULL },
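Review bot: The new `noauth` test runs before `xfs->encxf` is defaulted two lines further down, so when a rule names neither a cipher nor an authenticator the condition is false because `xfs->encxf` is still NULL, no authenticator is added, and the next statement then selects plain AES, leaving an SA that the old code would have protected with hmac-sha2-256. Swapping the two statements fixes the order and makes the NULL guard redundant: `if (!xfs->encxf) xfs->encxf = &encxfs[ENCXF_AES];` first, then `if (!xfs->authxf && !xfs->encxf->noauth) xfs->authxf = &authxfs[AUTHXF_HMAC_SHA2_256];`. validate_sa() starts and ends outside this hunk.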
@@ -707,6 +712,32 @@ pfkey_print_sa(struct sadb_msg *msg, int
 break;
 case SADB_X_EALG_AESCTR:
 xfs.encxf = &encxfs[ENCXF_AESCTR];
+ break;
+ case SADB_X_EALG_AESGCM16:
+ switch (r.enckey->len) {
+ case 28:
+ xfs.encxf = &encxfs[ENCXF_AES_192_GCM];
+ break;
+ case 36:
+ xfs.encxf = &encxfs[ENCXF_AES_256_GCM];
+ break;
+ default:
+ xfs.encxf = &encxfs[ENCXF_AES_128_GCM];
+ break;
+ }
+ break;
+ case SADB_X_EALG_AESGMAC:
+ switch (r.enckey->len) {
+ case 28:
+ xfs.encxf = &encxfs[ENCXF_AES_192_GMAC];
+ break;
+ case 36:
+ xfs.encxf = &encxfs[ENCXF_AES_256_GMAC];
+ break;
+ default:
+ xfs.encxf = &encxfs[ENCXF_AES_128_GMAC];
+ break;
+ }
 break;
 case SADB_X_EALG_BLF:
 xfs.encxf = &encxfs[ENCXF_BLOWFISH];
Index: pfkey.c
===================================================================
RCS file: /home/cvs/src/sbin/ipsecctl/pfkey.c,v
retrieving revision 1.49
diff -u -p -r1.49 pfkey.c
--- pfkey.c 22 Dec 2008 17:00:37 -0000 1.49
+++ pfkey.c 6 Sep 2010 11:43:28 -0000
@@ -488,10 +488,23 @@ pfkey_sa(int sd, u_int8_t satype, u_int8
 sa.sadb_sa_encrypt = SADB_EALG_DESCBC;
 break;
 case ENCXF_AES:
+ case ENCXF_AES_128:
+ case ENCXF_AES_192:
+ case ENCXF_AES_256:
 sa.sadb_sa_encrypt = SADB_X_EALG_AES;
 break;
 case ENCXF_AESCTR:
 sa.sadb_sa_encrypt = SADB_X_EALG_AESCTR;
+ break;
+ case ENCXF_AES_128_GCM:
+ case ENCXF_AES_192_GCM:
+ case ENCXF_AES_256_GCM:
+ sa.sadb_sa_encrypt = SADB_X_EALG_AESGCM16;
+ break;
+ case ENCXF_AES_128_GMAC:
+ case ENCXF_AES_192_GMAC:
+ case ENCXF_AES_256_GMAC:
+ sa.sadb_sa_encrypt = SADB_X_EALG_AESGMAC;
 break;
 case ENCXF_BLOWFISH:
 sa.sadb_sa_encrypt = SADB_X_EALG_BLF;
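Review bot: The inner `switch (r.enckey->len)` in pfkey_print_sa() maps every length other than 28 and 36 to the 128-bit GCM or GMAC entry, so an SA with an unexpected key length is still printed as a well-formed `aes-128-gcm` or `aes-128-gmac` transform. By the key sizes in parse.y's `encxfs[]` (16+4, 24+4, 32+4) the 128-bit case is 20 bytes; making that explicit with `case 20:` and having `default:` emit a `warnx()` about the unexpected length keeps the dump honest about what the kernel holds. The enclosing switch in pfkey_print_sa() starts and ends outside this hunk.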
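Review bot: The new GCM and GMAC arms in pfkey_sa() load a static key, including the 32-bit nonce that ipsec.conf.5 counts as key material, into a manually keyed SA, and the cover note itself says the GCM specification advises against manual keys, but neither the code nor the man page hunk records that caveat. A comment on the new cases, `/* NOTE: the GCM spec discourages manually keyed (static) GCM/GMAC SAs */`, plus a sentence to the same effect in the ipsec.conf.5 transform list, would keep the warning next to the code that needs it; a `warnx()` here would also surface it to the operator. pfkey_sa() starts and ends outside this hunk.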